Daniel Gordon
validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
Tax dollars?
November 16, 2025 at 8:29 AM
They dropped this in August which was better than I expected from an AI company. www.anthropic.com/news/detecti...

They’ve hired some established names in CTI.

I honestly don’t consider this recent report to be that extraordinary given the number of people trying to figure out how to AI everything.
November 13, 2025 at 9:36 PM
They’re sharper and more careful than I am though maybe I’m a low bar to clear
November 13, 2025 at 9:01 PM
Lots of orgs redact IOCs, which I hate, but when you have only one method of detection, you don’t broadcast it for the adversary.

I believe you know security folks but you don’t know the CTI team or you wouldn’t be posting.

Why would they call a 3rd party about platform abuse? Also Bishop Fox wtf?
November 13, 2025 at 8:50 PM
Cannot believe I’m defending an AI company but no 1,4,5 are not legit. Like not even slightly legit.
November 13, 2025 at 8:35 PM
AI will do it for us!
November 13, 2025 at 3:50 PM
Fixed 🙂
November 11, 2025 at 9:11 PM
Doesn’t look like DPRK to me, should probably give them your social security number
November 10, 2025 at 2:15 PM
I don’t know. Not a lot of public info on that. In the current environment, I suspect they write a love letter, do a photo op, and build a hotel and get him back for free but 🤷‍♂️
November 10, 2025 at 12:57 AM
If you defect, your family goes to a prison camp or worse.
November 9, 2025 at 11:04 PM
*Screams incoherently at five different things about this that make no sense*
November 9, 2025 at 6:36 PM
I know dunking on this is fun and all but if you watch the clip Christo is laughing and mocking this conspiracy theory he heard from Russian intel. I’ve heard stories about the terrible quality of Russian intel but this is bad.
"Famed spy hunter"
November 8, 2025 at 4:17 PM
A lot of “infrastructure geolocates to X, therefore state sponsored by X”. A lot of “major ransomware attack was to distract from an [unrelated] major espionage intrusion” and a lot of “I heard about something a couple times therefore growing trend”.
November 8, 2025 at 1:57 PM
With that said I’ve certainly seen this kind of thing from western intel folks as well and spent way more time than I would like debunking grand conspiracy theories and wild unsupported attribution statements.
November 8, 2025 at 1:57 PM
Also I should note Christo is relaying Russian intel RUMINT rather than things he actually believes.
November 7, 2025 at 12:28 AM
*Christo
November 7, 2025 at 12:02 AM
*Christo
November 6, 2025 at 11:59 PM
Malware used in Bangladesh had similarities to malware used in Sony and other DPRK bank heists. Christov is claiming that access got handed off I believe, not that the whole hack was misattributed. baesystemsai.blogspot.com/2016/05/cybe...
Cyber Heist Attribution
Written by Sergei Shevchenko and Adrian Nish BACKGROUND Attributing a single cyber-attack is a hard task and often impossible. However, ...
baesystemsai.blogspot.com
November 6, 2025 at 11:57 PM
Christov claims that they handed off access, not false flags. There are a lot of examples of handing off access but the norm is actors from the same state or crim -> state. This kind of handoff is an extraordinary claim requiring legit evidence especially because of a timeline that doesn’t make sense.
November 6, 2025 at 11:51 PM
I didn’t know that it was a non-starter on both sides of the aisle. Would you be willing to elaborate?
November 6, 2025 at 3:37 AM